Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

anti-drew writes "The New York Times Magazine has an interesting editorial (free reg. req.) calling for open-source voting machines. From the article: 'Electronic voting has much to offer, but will we ever be able to trust these buggy machines? Yes, we will -- but only if we adopt the techniques of the 'open source' geeks.' That's quite an endorsement coming from the Times. Of course, one of the justifications was that open-source enthusiasts are 'libertarian freaks, nuttily suspicious of centralized power', who would 'scream to the high heavens if they found anything wrong'."

open-source enthusiasts are 'libertarian freaks, nuttily suspicious of centralized power', who would 'scream to the high heavens if they found anything wrong'.
The same NY Times that got Adrian Lamo busted while he found a f**king open-proxy on their network.

'libertarian freaks, nuttily suspicious of centralized power'
i thought we were socialists? what's nutty about being suspicious of centralized power? it would be naive not to be. read a frickin history book. (or a newspaper, for that matter)

I think it's a great idea... not a new one but it's probably new to the general public and the NYT clearly thinks there's nothing wrong with free registration required so there you have it! A national publication force supporting a public-trust open-source project. It's the only way to help ensure the public's interests are protected against corruption.

But the machines themselves are only part of the process. There must be audit and process supervision and that still requires people.

Of course, one of the justifications was that open-source enthusiasts are 'libertarian freaks, nuttily suspicious of centralized power', who would 'scream to the high heavens if they found anything wrong'."

For once they hit the nail on the head. Although I don't see why anyone might consider the statements to be any sort of insult. The so called "libertarian freaks" are just doing what every citizen should be doing: always questioning "centralized power". Technically, we give them the power, so why not ask why?

I could be mistaken, but wouldn't open source code for voting machines make it that much easier for someone to hack the machines if they so desired?

Wouldn't open source code for an operating system make it that much easier for someone to the hack a computer if they so desired?

The thing with open source voting machines is that anyone should be able to look at the code and notice a bug that would allow this. With closed source voting machines like Diebold's, the only ones who know if there's some backdoor or buggy code are the people who programmed it.

There's a lot worse images we could have. They even chose libertarian instead of marxist.

Besides, I think the quote is fairly accurate -- just look at how much we jump up and down about 'trivial' licence details. In the closed source world they'd just pirate the software and forget about it.

A long time ago, Linus Torvalds gave an interview in Maximum PC in which he pointed out that some people thought that open source "somehow was tied to communism." This type of thinking is still around, I think, and it's part of what fuels the Ken Browns and Darl McBrides of the world. They see something that looks a little like something they've been trained to hate with unreasoning passion, and then the blinders go on and the brains turn off.

Fortunately, I think that people are finally starting to understand exactly what the open source software movement stands for and the benefits we stand to accrue from it. 'Communism' - either in its real form or the corrupted understanding that some people seem to have of it - simply doesn't enter into the equation anymore. Open source, to many mostly computer illiterate people that I know, looks much more like an exercise in free speech than an expression of the Marxist dialectic.

Open source voting software is the best way to deal with the problems in electronic voting machines. Will it be an absolute panacea? Probably not. But in any case, it will doubtless produce more trustworthy software than anything produced by a proprietary company using proprietary software development methods on a proprietary operating system with proprietary political causes and motivations.

It would be HARDER to hack an open source voting machine for several reasons.

First: Security holes WOULD get fixed. Diebold leaves their machines open to known exploits.

Second: If the machines were open source, you can bet your complacent American ass that every CompSci doctorate student or professor would try and hack it for prestege, then submit a patch to fix it. All that BEFORE an election.

Third: At least we would know how the machinese worked. Currently our knowledge consists of: The Machines fuck Up.

Fourth: we might get a paper trail. Florida election fuckups would no longer exist.

I could be mistaken, but wouldn't open source code for voting machines make it that much easier for someone to hack the machines if they so desired?

Yes. We all know that security by obscurity is one of the best methods of ensuring that systems are secure. That is why nobody has ever been able to hack into a system running closed-source software such as Microsoft Windows.

Sarcasm aside, if the software is not open-source, there will still be many, many people that will have access to the code. The difference is that the general public won't be able to check what the code does. Are you sure that you trust every employee of Diebold (for instance) to be honest?

Open-source enthusiasts, by contrast, are precisely the sort of people you'd like to see inspecting the voting code; they're often libertarian freaks, nuttily suspicious of centralized power, and they'd scream to the high heavens if they found anything wrong.

As one of the geeks who is nuttily and loudly suspicious of the electronic voting machines, I appreciate columnist Clive Thompson's compliment and endorsement. But I think he's missing his own point.

If 10 voting equipment vendors publish their open source (remember, "open source" is not necessarily "free") software for inspection, then for each vendor, the other 9 vendors will have a strong incentive to inspect and criticize that 10th vendor's code. ("You really should want to buy *my* voting machines . . . their code sucks. Here, let me prove it. . ..")

I predict that competing commissioned salespeople can be even more nutty, suspicious, and enthusiastic than computer science professors.

I'm sure a lot of geeks will be convinced that the voting software would be safe if all the able coders can look at the voting software at their leisure and find bugs, if any. However, how do you convince the general populace this? Just saying there are random people in the world finding bugs in it doesn't seem convincing enough to a normal person who knows nothing about computers except that they can use it to get email and buy flowers. While I'm all for open source voting, I think it doesn't inspire the amount of trust necessary or as much trust as most Slashdot readers would think.

That statement should read "suspicious of unecessary centralisation". Distrust of centralisation is very much a part of the geek world: internet rather than one-to-many media like broadcast TV, bittorrent rather than ftp, the bazaar development model, the division of a working OSS system into hundreds of chunks (the kernel, kde, X, etc.) that can be arranged to suit, enthusiasm for P2P technology that goes beyond free pr0n/warez, etc. etc. etc.

This "screaming to the high heavens" isn't unique to politically-sensitive bugs. This is how the OSS development model works: let a bunch of eyeballs go over something and raise red flags if something is wrong. People would scream to the high heavens if, say, a version of KDE was released with a major memory leak; it's just part of the process.

One term that gkuz left out in his comment above is that opinion articles that appear on editorial pages that are not representative of publication itself are either op-eds (what this article is) or letters to the editor (much, much lower on the editorial food chain).

While this article was nicely supportive of open-source software, the author misses the real problem of computerized voting: lack of auditability.

There is a growing consensus that, in order to be trustable, election machines have to produce a paper ballot that can be hand-counted in case a recount is required. See, for example this article [notablesoftware.com] for a authoritative discussion of the issues by a recognized expert in the field.

Its unfortunate the U.S. is just waking up to the massive threat evoting poses to democracy. As slowly as most local governments move I wager most of them are going to go in to the next election with machines that are easily rigged. I would now lob out the conspiracy theory that the Republican's are going to use them to steal the next election but I'm starting to have my doubts. If the Republican's hold the White House and both houses of Congress, and even better achieve their holy grail of a filibuster proof majority in the Senate, which is where I think rigged voting machines is most likely to come in to play, the next election will be meaningless because the Republican's will have a defacto dictatorship in place by then, especially if they are blessed with another 9/11 they can use as an excuse to trash whats left of the constitution.

The doubts I have about this scenarios is that I'm of the opinion the election was really stolen when the media, the DNC and DLC moved Kerry from also ran to front runner and all the Democratic primary voters followed along like so many lemmings.

With Kerry as the Democratic nominee we are faced with a situation where Bush may win no matter how awful a job he does, or how dangerous he is, because no one can stand Kerry, especially after the Republican's shred him with $200 million in attack ads. He is unfortunately a two faced hypocrite and totally unlikable. I'm pretty sure Karl Rove danced a jig in the White House when Kerry moved to front runner status. I find myself hoping that the Democrats will come to their senses at the convention in Boston and realize what a loser he is and throw the nomination to Edwards. He may be inexperienced but at least he is likable in a Clintonesque sort of way.

If Kerry does win I doubt the establishment will mind, he is after a spoiled rich kid and member of Skull and Bones so he will look out for the establishment interests first, and the people's interest not at all(except to get reelected). He really doesn't seem to differ all that much from Bush. He's pretty much a fan of the war in Iraq, the only time he wasn't was when that was necessary to get the Democratic nomination. He seems to be a fan of the Patriot act and intrusive big brother government, again the only time he wasn't was when that was necessary to get the Democratic nomination. As soon as he had the nomination sowed up he rushed to the center and his first proposal was for a tax cut for corporations. He is a man in the pocket of the establishment if there ever was one.

I hate to say it but democracy is in a state of complete collapse in the U.S. There is a very small group of powerful people who decide who will be on the ballot, the media en masse anoints them and by the time it gets to the voters they are little more than a rubber stamp.

Rigged, closed source evoting is just another level of control to make sure the American people don't make a mistake and elect somebody that might upset the apple cart.

You can look at Iraq at the moment and see this same process in action. Iraq was supposed to get sovereignty and a U.N. representative was supposed to choose an interim government. Instead the U.S. appointed Iraqi governing council suddenly picked the government with massive back stage manipulation from the U.S. and surprise, surprise they are picking a man who has been on the CIA payroll for years as prime minister. He is a carbon copy of Chalibi who was the U.S. man until he fell in to disfavor. The U.S. is even interfering in the choice of the figurehead president to make sure he is pro U.S. versus the previous frontrunner who wasn't entirely a fan of U.S. occupation.

Our government is great with the empty rhetoric about freedom and democracy but if we ever found a way to actually get it they would freak and the current plutocracy would put a stop to it in a heartbeat. I find myself truly wishing Nader had a shot at the Presidency. He would be a train wreck but it would upset a very entrenched and corrupted kleptocracy. I'd just like to see it and we could start a pool on how long he would last before he was assassinated.

You're joking, right? Lamo proceeded to dive in and conduct searches without the Times permission. It's akin to the neighbor jumping through the window, rooting around inside, using your TV and refrigerator then saying "Hey, you've got an open window," as he walked away.

At first I was going to say "Of course the government should adopt open source voting machines," but then I looked at the current situation:

* The government doesn't display the diagrams to locks it has in its buildings.* Most of our miltary documents and weapondry are completely classified (can you tell me what exactly Area 51 does)?* Some of our most cherished documents (like the Constitution) are protected by systems meant to place them underground in the event of a nuclear war (Google it). But how exactly does it work? Who has access to the documents afterwards? The secret shadow government that's up and running in case of an emergency (Google it).

Fact is, very little of government is open source anythin. And yet the US has gotten along for over 200 years. While that doesn't necessarily mean things have been done "correctly", it does mean they've been sufficient enough to keep the country going. The chances we're going to change course now is unlikely.

"the only ones who know if there's some backdoor or buggy code are the people who programmed it."

A correct statement but in need of a slight clarification. The only people who are likely to know about intentional rigging are the ones who do the build that actually gets installed in the machines. I imagine most of the geeks who developed the software in Diebold's machine would have no clue about any wrongdoing. The rigging is more likely to be done by a group resembling Nixon's plumbers who are highly loyal, believe what they are doing is right in some twisted way and able to keep secrets.

Thats why its extremely disturbing to hear about massive last minute changes in the software loads on Diebold's machines in the eleventh hour before the 2002 election in Georgia, which resulted in a stunning Republican upsets for the Senate and Governor, or in the last election in California.

The current system of manually counting votes is not the equivalent of 'open source'.It is a system designed to deliver a provable result, even if the different actors during the vote and the counting don't trust each other.Going voting machine move the trust relationship, to some technical system managed by (paid or volunter) experts.

And now, some gramatical questions from someone who is not a native english/american speaker:

When you ear about thinking machines, do you think of:- machine that help to think or- machine that think ?(without speaking of an old company of the 90)When you ear about voting machines, do you think of:- machine that help to vote or- machine that vote ?

Mark an X, punch a hole in a piece of paper, write a name...and a bunch of your fellow citizens (from all sides of the political spectrum) count them, by hand. Any questions - "I demand a recount!"

Only recently has it gone into a black box. The magical computer.

A move to continue the 'openness' would be advisable, no matter what the technology.

And there's a reason the exact capabilities of military weapons are classified. If someone were to want to attack you, would you want them to know the exact maximum range of your guns and where they are deployed?

Nothing will prevent post scruinty tampering. That's what I fear most about any of this. With the fascists running the show and wanting to remain in power over those they need to "care for" I fear any method that isn't tried and true and basically tamper-proof.

Electronic voting machines need to make human readable paper ballots that *can* be hand-counted. Anything short of that opens up the elections to all sorts of tampering that can be undiscoverable, even if the code is "open source."

You can collect the votes, in a variety of electronic methods, that will meet the needs of quick reporting, but ultimately the votes need to be auditable, which means being able to recount by some manual method.

The ballots need to be human readable so that they can be verified by the voter AND the auditor.

If the protocol is secure, then it doesn't matter if the code is open source, or closed source. Whatever. As a taxpayer, I would hope that they choose something that is as inexpensive as possible that provides a secure and auditable voting record.

It's not that either! I don't like socialism but I love the idea of Free software.. it makes economic sense: don't charge more than the marginal cost of production in the long run, and for software, that's ZERO.

Free software is wonderfully capitalistic, once you get past the notion that a copyright monopoly is the same as personal property (it's not, obviously, or there would be one set of laws for both, similar violation statistics for both, and there'd be a Free Cars Foundation alongside the FSF...).

You seem to be missing the point of open source software. Anyone with the interest to do so can look at the code. If there is an exploitable flaw, it will be spotted and corrected. If the system allows someone to rig it to favor a certain candidate, that also will be spotted.

the answer is to NEVER USE COMPUTING DEVICES for voting (unless they are used to create a physical artifact like a punch card).

It doesn't matter if the code is open or closed. All the open code does is make it cheaper, simpler and probably more well-audited. But that doesn't solve the fundamental problems: nobody can ever know what goes on inside of a computer.

You don't know if the code you compiled from the voting machine website is the same as the code on the machine. Even if you got a computer expert to recompile all the code for all the machines and check with MD5, you still have no idea that the machine's screen isn't *lying* to you.

Human beings can't see bits and bytes and electronics. But they can see holes in a punch card or marks on a scantron. If the election is contested you can still count by hand, 50 times if you need to.

Open source software, great, sure, but make sure there's a paper trail!

But it would certainly help to have tons of CS Ph.D.s say "I've gone over this code and tried to hack it and it looks good" instead of "I broke into the state board of elections, completely changed the results, and erased all traces, and did it in five minutes."

it makes economic sense: don't charge more than the marginal cost of production in the long run, and for software, that's ZERO.

That is far from true. That's one of the biggest problems with our purely monetary system -- there is no measure for the labor hours, or the quality of those hours, that go into the production of much of anything. The cost of things that can't be measured monetarily is all too often assumed to be "ZERO", but that simply isn't true. Even freeware costs somebody something to make.

Also, let's keep in mind that the "free" in "free software" does not refer to money -- it doesn't mean that the software should cost $0.00. Rather, it means free as in freedom, as in we should have the freedom to use, redistribute, copy, and modify the software at will as long as any copy or modification always keeps the freedom associated with the original.

>I could be mistaken, but wouldn't open source code for voting machines make it that much easier for someone to hack the machines if they so desired?

To amend the other posters: like modern cryptography, this issue shouldn't be about whether you can hide what you're doing so no malicious user can exploit that knowledge, simply because eventually someone will find a way into the system.

The system should be designed so that even when it is clearly visible what is being done, it's impossible/unfeasible to break into the system. Again -all modern hashing and encryption algorithms (=instructions) are fully public and viewable by all. The reason they're secure is that even when knowing all the information (bar the passphrase), it would take millions of machine hours to forcibly break the encryption.

The reason that people (and by "people" I mean those individuals who decide in what direction to throw IT resources) are taking Linux and open-source more seriously has far more to do with economics than politics, neo-McCarthyism aside. Your average CEO really couldn't care (from a functional standpoint) whether his company runs Windows, Linux or anything else. What he cares about is a. how much does it cost and b. does it do the job. Open source is proving, at the corporate level that it can, in fact, do the job, and do it well.

Honestly, I don't think that Darl McBride got into this mess because he "hates" Linux and Open Source, not in the way Americans used to "hate" Russians. Hell, SCO sells the stuff, or used to. He's hardly the anti-Stallman: I doubt he has that much emotional investment in the Open Source movement. On the other hand, RMS is passionate about his cause, consistent in his expression of it, and more to the point, time has proven him right on a lot of counts.

The McBrides and Ken Browns of the world don't have blinders on: they know precisely what they are doing and why. The reason has little to do with hatred of us "communists" or any other political motivation: it has to do with opportunism and greed. I could respect McBride and those of his ilk (while vehemently disagreeing with them, of course) if they had anything resembling an ethical stance, or at least a position that doesn't change with the phases of the moon.

1. Yes, you SHOULD be that paranoid, unless you don't care if people steal elections.

2. There have been various schemes proposed to guarantee the integrity of the code - basically, a super-secure source control system to keep people from making unauthorized changes, and an independent auditing body that oversees development, tests for bugs, and supervises the installation of the software, then seals the boxes. The idea being to have multiple, redundant levels of oversight for EVERY step of the process, and to keep that oversight transparent to the public.

Doing it right will take a bit of work, but it's definitely possible. It'll never be 100% secure, but way more secure than just handing Diebold a check and trusting them to act professionally.

The key is not if the code is open source where anyone can submit modifications, the key is that the source code be open so anyone can verify any potential issues with the software.
A second written record that is the official vote is also key. This way you can routinely recount a number of boxes to look for programming errors and actually conduct a 100% recount if required.